Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length – Version: 2.0

Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.
Summary: Microsoft is announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Leave a Reply